One of the major challenges for system administrators is implementing controls that allow a user to make the most of all functionality available on a computing platform (e.g., collaboration, connectivity, etc.) while still providing solid security controls to protect the platform from compromise. More often than not, a configuration implemented for functionality within a corporate network may result in security vulnerabilities when the platform is outside the corporate network.
This issue is most evident in wireless networks, which are proliferating at a rapid pace today as computer users become increasingly mobile. These networks typically face significant security issues since the connection is not physical and any party with a compatible wireless network interface may position themselves to inspect and/or intercept wireless packets. In other words, any third party hacker or attacker may, with relative ease, gain access to packets being transmitted across a wireless network, regardless of who the packets are actually destined for. Various security controls may be implemented on these networks to alleviate this problem, but the ability to apply more stringent and better security controls based on the trustworthiness of the network is typically left to security vendors. Most vendors do not, however, provide configurable controls based on system location.
FIG. 1 illustrates conceptually a typical wireless network topology including a corporate network (“Corporate Network 100”) and an external network (“External Network 150”), with a wireless device (“Node 125”) traveling from one network to the other. Corporate Network 100 is typically separated from External Network 150 by a gateway or firewall or other such security mechanism (illustrated collectively in FIG. 1 as “Firewall 175”). When moving from one network to another, however, Node 125 will likely face different security issues, but currently Node 125 may not dynamically determine its location and change its security controls. Thus, although wireless networks offer users significant flexibility to “roam” across networks without being tied to a specific location, the wireless devices may or may not have adequate security control as they alternate between secure environments (e.g., within a corporation) and less or non-secure environments (e.g., outside the corporation).
Although the above description focuses on wireless devices, similar issues may arise with respect to non-wireless devices that may be moved from one location to another. For example, an owner of a laptop may be physically connected to a corporate network while he/she is in the office, but at the end of the day the owner may take the laptop home and connect it to his/her home office internet connection. In this scenario, the laptop may be moving from a secure (corporate) environment to a less secure (home) environment and the security requirements may be different in each environment.